Sunday, February 04, 2007

Online System Security Scanners

I've provided several lists of home/personal PC security software resources users may find helpful in scanning, securing, and cleaning their Windows-based computers of rootkits, malware and spyware, viruses and trojans, and rogue processes:

I almost always have a copy of most of my tools and the setup and installation files for my most preferred utilities and applications in these categories on an ever-present USB stick. That's important, because if I am asked to look at a user's PC, and it has been compromised, I may want to disconnect it from the network to do my work, severing any malicious activity from the network. Or maybe the network connection has been damaged or destroyed by the malicious file. In these cases, I might not be able to otherwise download one or some of these programs from the Net to the local PC.

Having a copy on my USB stick (set to read-only to avoid cross-contamination of my USB volume) is very useful.

Because of this, I don't usually see a daily need to run an on-line scan of a system to look for the presence of malicious software. No Net access means these options don't work. Also, dial-up users may find the time required to run these prohibitive. Broadband access users wouldn't likely see that issue.

However, there are times when the option of running an online scan of a Windows system might be better than nothing.

Or in the case of a few online scanning services...they are dead-useful resources when working with a potentially compromised file that may not be registering with your installed anti-virus application, and you want peace-of-mind before opening it.

Or you might be getting what you think is a false-positive return on a file you are very sure is legitimate...but want a second opinion before progressing.

There are a number of lists out there like this one. I've tried to collect them together and group them by subject in an informative way.

Services and providers presented in alphabetical order.

Note: Some services use ActiveX controls to work, and therefore can only be run from Microsoft Internet Explorer. I've tried to indicate these where possible.

Others are more Firefox/Opera friendly.

Some services will scan your entire system while others require the upload of a suspicious file to their service to scan. Reports may be provided via the web or via return email.

Sunbelt CWSandbox - Sunbelt Software's free automated malware analysis. Upload a single file to check file behavior in a "sandboxed" system. From website description, "CWSandbox not only analyzes the given malware, but also all other processes that are started or infected by the malware." More info here. (added to list 02/07/2006)

Secunia's Software Inspector - "Detects insecure versions of applications installed, verifies that all Microsoft patches are applied, assists you in updating your system and applications, runs through your browser. No installation or download is required." - from Secunia's service description.

Not Quite "Fully-Online" Based Software or System Security Vulnerability Scanners

A few of the products/services noted on other lists are included in their online scanner lists, but actually require download and execution of an exe (executable) based file on the local PC or download and running of an exe (executable) based file from memory. While technically these might be considered "on-line" scanners, they are not so in the manner of the ones listed above.

I have chosen to include some of these products in this post, as they may be otherwise beneficial for interested parties to explore further:

Microsoft: Malicious Software Removal Tool (for Windows XP and 2K) - targets only specific threats, included in Microsoft Critical Updates, so you may already have the file (MRT.exe) on your system. It is usually located in the C:\Windows\System32\ folder on XP systems or in the C:\WINNT\System32\ folder on Windows 2000 systems.

I did quite a bit of work hunting these tools down, and then checking the links to get more information about the conditions they ran under and what category they would best be placed under. However, these links were the most helpful in providing me the services noted.

Credits
